research-article

Smart toys and children's privacy: usable privacy policy insights from a card sorting experiment

Authors:

André de Lima Salgado,

Felipe Silva Dias,

João Pedro Rodrigues Mattos,

Renata Pontin de Mattos Fortes,

Patrick C. K. HungAuthors Info & Claims

SIGDOC '19: Proceedings of the 37th ACM International Conference on the Design of Communication

Article No.: 16, Pages 1 - 8

https://doi.org/10.1145/3328020.3353951

Published: 04 October 2019 Publication History

Abstract

Smart toys are new to the Internet of Things market, and its connectivity to the cloud have raised concerns about children's privacy. Parents and legal guardians have striven to protect the privacy of their owns. However, current approaches for privacy control still lack usability for lay people. In this paper, we have explored the use of Card Sorting to enhance the usability of a privacy control for smart toys. Our goal was to identify and describe benefits of this technique to the design of more usable privacy controls. For this reason, we conducted a case study with voluntarily participants. We chose a parental control model from the literature to be the subject of evaluation for the experiment. Therefore, we extracted 19 units of information from its interface, and put them into cards for the Card Sorting evaluation. After the experiment, we obtained 30 valid responses. From these responses we performed a cluster analysis to understand the best alternative to group privacy related contents. Our contributions include a new model for nutrition label style mobile parental privacy controls for smart toys, suggestion of Google Material Design icons to be applied as indication for groups of privacy policies and, finally, a six steps process to perform Card Sorting with cluster analysis that does not rely on users' discussions to compose the Information Architecture hierarchy.

References

[1]

Alessandro Acquisti, Idris Adjerid, Rebecca Balebako, Laura Brandimarte, Lorrie Faith Cranor, Saranga Komanduri, Pedro Giovanni Leon, Norman Sadeh, Florian Schaub, Manya Sleeper, Yang Wang, and Shomir Wilson. 2017. Nudges for Privacy and Security: Understanding and Assisting Users' Choices Online. ACM Comput. Surv. 50, 3, Article 44 (Aug. 2017), 41 pages.

Digital Library

[2]

Alessandro Acquisti, Curtis R. Taylor, and Liad Wagman. 2016. The Economics of Privacy. SSRN Scholarly Paper. Social Science Research Network, Rochester, NY. https://papers.ssrn.com/abstract=2580411

[3]

M. Aljohani, J. Blustein, and K. Hawkey. 2017. Participatory Design Research to Understand the Legal and Technological Perspectives in Designing Health Information Technology. In Proceedings of the 35th ACM International Conference on the Design of Communication (SIGDOC '17). ACM, New York, NY, USA, Article 39, 3 pages.

Digital Library

[4]

E. Bertino. 2016. Data Security and Privacy: Concepts, Approaches, and Research Directions. In 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), Vol. 1. 401.

[5]

Kelly Caine. 2016. Local Standards for Sample Size at CHI. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (CHI '16). ACM, New York, NY, USA, 981--992.

Digital Library

[6]

Hichang Cho, Bart Knijnenburg, Alfred Kobsa, and Yao Li. 2018. Collective Privacy Management in Social Media: A Cross-Cultural Validation. ACM Transactions on Computer-Human Interaction 25, 3 (June 2018), 1--33.

Digital Library

[7]

Luca Alexander De and Emanuel von Zezschwitz. 2016. Usable privacy and security. it - Information Technology 58, 5 (2016), 215--216.

[8]

André de Lima Salgado, Fabrício Horácio Sales Pereira, and André Pimenta Freire. 2016. User-Centred Design and Evaluation of Information Architecture for Information Systems. In Handbook of Research on Information Architecture and Management in Modern Organizations. IGI Global, 219--236.

[9]

ISO: International Organization for Standardization. 2016. ISO/IEC 25066:2016(en), Systems and software engineering - Systems and software Quality Requirements and Evaluation (SQuaRE) - Common Industry Format (CIF) for Usability - Evaluation Report. https://www.iso.org/obp/ui/#iso:std:iso-iec:25066:ed-1:v1:en

[10]

ISO: International Organization for Standardization. 2016. ISO/IEC 27000:2016(en), Information technology - Security techniques - Information security management systems - Overview and vocabulary. https://www.iso.org/obp/ui/#iso:std:iso-iec:27000:ed-4:v1:en

[11]

Simson Garfinkel and Heather Richter Lipford. 2014. Usable Security: History, Themes, and Challenges. SYNTHESIS LECTURES ON INFORMATION SECURITY, PRIVACY, AND TRUST, Vol. 5. Morgan & Claypool Publishers.

[12]

Patrick C. K. Hung, Jeff K. T. Tang, and Kamen Kanev. 2017. Introduction. In Computing in Smart Toys, Jeff K.T. Tang and Patrick C. K. Hung (Eds.). Springer International Publishing, Cham, 1--5.

[13]

Jakob Nielsen. 2018. 10 Heuristics for User Interface Design. https://www.nngroup.com/articles/ten-usability-heuristics/

[14]

Julian Jang-Jaccard and Surya Nepal. 2014. A survey of emerging threats in cybersecurity. J. Comput. System Sci. 80, 5 (Aug. 2014), 973--993.

[15]

Patrick Gage Kelley, Joanna Bresee, Lorrie Faith Cranor, and Robert W. Reeder. 2009. A "Nutrition Label" for Privacy. In Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS '09). ACM, New York, NY, USA, 4:1--4:12.

Digital Library

[16]

Patrick Gage Kelley, Lorrie Faith Cranor, and Norman Sadeh. 2013. Privacy as part of the app decision-making process. ACM Press, 3393.

Digital Library

[17]

Spyros Kokolakis. 2017. Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Computers & Security 64, Supplement C (Jan. 2017), 122--134.

Digital Library

[18]

James R. Lewis. 2014. Usability: Lessons Learned and Yet to Be Learned. International Journal of Human-Computer Interaction 30, 9 (2014), 663--684.

[19]

Peter Morville and Louis Rosenfeld. [n. d.]. Information Architecture for the World Wide Web. http://shop.oreilly.com/product/9780596527341.do

[20]

Fionn Murtagh and Pierre Legendre. 2014. Ward's Hierarchical Agglomerative Clustering Method: Which Algorithms Implement Ward's Criterion? Journal of Classification 31, 3 (Oct. 2014), 274--295.

Digital Library

[21]

Jakob Nielsen and Raluca Budiu. 2013. Mobile usability. MITP-Verlags GmbH & Co. KG.

[22]

Maggie Oates, Yama Ahmadullah, Abigail Marsh, Chelse Swoopes, Shikun Zhang, Rebecca Balebako, and Lorrie Faith Cranor. 2018. Turtles, Locks, and Bathrooms: Understanding Mental Models of Privacy Through Illustration. Proceedings on Privacy Enhancing Technologies 2018, 4 (2018). https://content.sciendo.com/view/journals/popets/2018/4/article-p5.xml

[23]

Federica Paci, Anna Squicciarini, and Nicola Zannone. 2018. Survey on Access Control for Community-Centered Collaborative Systems. ACM Comput. Surv. 51, 1 (Jan. 2018), 6:1--6:38.

Digital Library

[24]

Hannah Quay-de la Vallee, Paige Selby, and Shriram Krishnamurthi. 2016. On a (Per)Mission: Building Privacy Into the App Marketplace. ACM Press, 63--72.

Digital Library

[25]

Laura Rafferty, Marcelo Fantinato, and Patrick C. K. Hung. 2015. Privacy Requirements in Toy Computing. In Mobile Services for Toy Computing, Patrick C. K. Hung (Ed.). Springer International Publishing, 141--173. http://link.springer.com/chapter/10.1007/978-3-319-21323-1_8

[26]

Laura Rafferty, Patrick C. K. Hung, Marcelo Fantinato, Sarajane Marques Peres, Farkhund Iqbal, Sy-Yen Kuo, and Shih-Chia Huang. 2017. Towards a Privacy Rule Conceptual Model for Smart Toys. In Computing in Smart Toys. Springer, Cham, 85--102.

[27]

Robert W. Reeder. 2008. Expandable Grids: A user interface visualization technique and a policy semantics to support fast, accurate security and privacy policy authoring. PhD Thesis. Carnegie Mellon University.

[28]

Robert W. Reeder, Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, Kelli Bacon, Keisha How, and Heather Strong. 2008. Expandable Grids for Visualizing and Authoring Computer Security Policies. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '08). ACM, New York, NY, USA, 1473--1482.

Digital Library

[29]

F. Schaub, R. Balebako, and L. F. Cranor. 2017. Designing Effective Privacy Notices and Controls. IEEE Internet Computing 21, 3 (May 2017), 70--77.

Digital Library

[30]

A. C. Squicciarini, D. Lin, S. Sundareswaran, and J. Wede. 2015. Privacy Policy Inference of User-Uploaded Images on Content Sharing Sites. IEEE Transactions on Knowledge and Data Engineering 27, 1 (Jan. 2015), 193--206.

[31]

Jeremiah D. Still. 2016. Cybersecurity Needs You! interactions 23, 3 (April 2016), 54--58.

Digital Library

[32]

Alma Whitten and J. D. Tygar. 1999. Why Johnny Can'T Encrypt: A Usability Evaluation of PGP 5.0. In Proceedings of the 8th Conference on USENIX Security Symposium - Volume 8 (SSYM'99). USENIX Association, Berkeley, CA, USA, 14--14. http://dl.acm.org/citation.cfm?id=1251421.1251435

Digital Library

Cited By

Salgado AHung PFortes R(2023)Six usable privacy heuristicsProceedings of the XXII Brazilian Symposium on Human Factors in Computing Systems10.1145/3638067.3638111(1-11)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3638067.3638111
Barth SIonita DHartel P(2023)Understanding Online Privacy—A Systematic Review of Privacy Visualizations and Privacy by Design GuidelinesACM Computing Surveys10.1145/350228855:3(1-37)Online publication date: 30-Apr-2023
https://doi.org/10.1145/3502288
Guizani MSteinmacher IEmard JFallatah ABurnett MSarma ABegel ABlincoe K(2022)How to debug inclusivity bugs?Proceedings of the 2022 ACM/IEEE 44th International Conference on Software Engineering: Software Engineering in Society10.1145/3510458.3513009(90-101)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1145/3510458.3513009
Show More Cited By

Index Terms

Smart toys and children's privacy: usable privacy policy insights from a card sorting experiment
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. HCI design and evaluation methods
      1. User models
      2. User studies
2. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Usability in security and privacy

Recommendations

Smart toys for preschool children: A design and development research
Highlights
- A design and development process of a smart toy is proposed.
- Design guidelines ...
Abstract
The purpose of this study is to devise guidelines for designing, developing, and using a smart toy for preschool children. Smart toys are technologically developed toys constructed with a meaningful purpose. This study uses the design ...
Privacy for Children and Teenagers on Social Networks from a Usability Perspective: A Case Study on Facebook
WebSci '17: Proceedings of the 2017 ACM on Web Science Conference

Children and teenagers comprise a user group particularly susceptible to privacy infringement risks in Online Social Networks (OSNs). In this sense, the usability of privacy controls should be appropriate to such users. This study aims to characterize, ...
Smart toys: brave new world?
CHI EA '00: CHI '00 Extended Abstracts on Human Factors in Computing Systems

Technology is changing the way children play. But should we be excited or worried about the introduction of technology into children's toys? This panel of smart toy experts will examine the advantages and disadvantages of technologically-enhanced play ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

SIGDOC '19: Proceedings of the 37th ACM International Conference on the Design of Communication

October 2019

308 pages

ISBN:9781450367905

DOI:10.1145/3328020

Conference Chair:
Julie Staggers
Washington State University
,
Program Chairs:
Daniel P. Richards
Old Dominion University
,
Tim Amidon
Colorado State University
,
Ehren Pflugfelder
Oregon State University

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGDOC: ACM Special Interest Group on Systems Documentation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 October 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

The Brazilian National Council for Scientific and Technological Development (CNPq-MCTIC) and São Paulo Research Foundation (FAPESP)
São Paulo Research Foundation (FAPESP)
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - Brasil (CAPES)

Conference

SIGDOC '19

Sponsor:

SIGDOC

SIGDOC '19: The 37th ACM International Conference on the Design of Communication

October 4 - 6, 2019

Oregon, Portland

Acceptance Rates

SIGDOC '19 Paper Acceptance Rate 85 of 105 submissions, 81%;

Overall Acceptance Rate 355 of 582 submissions, 61%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
358
Total Downloads

Downloads (Last 12 months)35
Downloads (Last 6 weeks)1

Reflects downloads up to 06 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Salgado AHung PFortes R(2023)Six usable privacy heuristicsProceedings of the XXII Brazilian Symposium on Human Factors in Computing Systems10.1145/3638067.3638111(1-11)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3638067.3638111
Barth SIonita DHartel P(2023)Understanding Online Privacy—A Systematic Review of Privacy Visualizations and Privacy by Design GuidelinesACM Computing Surveys10.1145/350228855:3(1-37)Online publication date: 30-Apr-2023
https://doi.org/10.1145/3502288
Guizani MSteinmacher IEmard JFallatah ABurnett MSarma ABegel ABlincoe K(2022)How to debug inclusivity bugs?Proceedings of the 2022 ACM/IEEE 44th International Conference on Software Engineering: Software Engineering in Society10.1145/3510458.3513009(90-101)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1145/3510458.3513009
Guizani MSteinmacher IEmard JFallatah ABurnett MSarma A(2022)How to Debug Inclusivity Bugs? A Debugging Process with Information Architecture2022 IEEE/ACM 44th International Conference on Software Engineering: Software Engineering in Society (ICSE-SEIS)10.1109/ICSE-SEIS55304.2022.9794009(90-101)Online publication date: May-2022
https://doi.org/10.1109/ICSE-SEIS55304.2022.9794009
Martín MMacías J(2022)A Supporting Tool for Enhancing User’s Mental Model Elicitation and Decision-Making in User Experience ResearchInternational Journal of Human–Computer Interaction10.1080/10447318.2022.204188539:1(183-202)Online publication date: 18-Apr-2022
https://doi.org/10.1080/10447318.2022.2041885
Ling LYelland NHatzigianni MDickson-Deane C(2021)Toward a conceptualization of the internet of toysAustralasian Journal of Early Childhood10.1177/1836939121100732746:3(249-262)Online publication date: 28-Apr-2021
https://doi.org/10.1177/18369391211007327

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents